World Cup Virus Season Kicks Off

WEBINAR:On-Demand

Researchers have identified at least two viruses disguised as information for fans of the upcoming FIFA World Cup in Germany, a tactic that has scored goals for malware writers in the past.

The FIFA World Cup 2006 tournament won't get underway in Germany until early June, but computer virus writers are already attempting to cash in on the planet's most popular sporting event with viruses aimed at deceiving eager soccer fans.

Researchers at UK-based Sophos released notification of a new attack that infects Microsoft Excel files and has been disguised as a spreadsheet charting the national teams participating in the World Cup.

Identified by the security company as XF97/Yagnuul-A, the virus lives in an Excel file that offers to help people set up fantasy sports competitions related to the international soccer championship, and also attempts to market itself specifically to fans of the English Premiership, one of the world's top professional leagues.

Once the World Cup virus has infected a PC, it begins forwarding itself to other people using the corrupted machine and may also send itself to people listed in any e-mail client software on the device, Sophos said.

The Excel virus marks the second World Cup-oriented attack identified by the company in the last week. On May 4, Sophos detailed a Trojan virus dubbed Troj/Haxdoor-IN, which cloaked itself as a wall chart of the teams competing in the tourney that fans could print out and use to follow the action.

The threat was noticed as it was distributed via spam e-mail, and while it specifically targeted speakers of German, the virus could easily be adapted to other languages, researchers said.

As in the United States, where large amounts of office workers wager on the NCAA's Men Basketball Championship by joining related Web sites or filling out electronic forms, soccer fans abroad are increasingly creating their own leagues for following the World Cup, said Graham Cluley, senior technology consultant at Sophos.

"The hackers know that people are rabid for information to follow their favorite team in the tournament and that many will be at work, where they won't be able to watch live on TV and could fall prey to this sort of attack," said Cluley.

"People have become suspicious about opening a file that appears to be a revealing picture of a celebrity, but when it comes to something like sports, some people may still let their guard down out of curiosity."

Attempts by hackers to take advantage of the wide appeal of the World Cup, which is held once every four years, are nothing new, Cluley said.

Sophos has tracked threats tied to the event since as far back as 1998. And there is also reason for hackers to believe that they could succeed using such ploys, as the Sober.n worm viruswhich misrepresented itself as an opportunity for people to buy tickets to the World Cupwas one of the most widespread computer attacks of 2005 worldwide.

In addition to the sheer number of soccer fans around the globe interested in World Cup-related information, Cluley said that the event is also likely to draw many new Internet users and people in developing nations where anti-malware programs are less widely used, both of which could help the threat lure in more victims.

For enterprises, the key is making sure that employees are vigilant about security threats at all times, regardless of what they may be crafted to look like, according to Cluley, who said that some companies have even begun e-mailing fake attacks to their workers just to monitor who may be easily coerced into opening suspicious messages or attachments.

"Whether it's a new TV series or some horrible natural disaster, the virus writers are quickly jumping on whatever hot news story is out there because they know a lot of people will be looking," Cluley said.

"Businesses don't need to send out a reminder to warn employees every time there's an earthquake or a big soccer match, but it should serve as an incentive to keep their systems protected and actively educate workers on what sorts of behavior to avoid."

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.